<?php
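        // Page bootstrap: start the session, load the translation table, open the database
        // connection and, when a conference id is supplied, print the conference heading.
        session_start();

        // The language code becomes part of an include path, so it must never be able to carry
        // path characters. Only plain codes (letters, digits, "_" and "-") whose file exists are
        // honoured; anything else falls back to the English file.
        // NOTE(review): where $_SESSION['lang'] is written is not visible here - confirm it is
        // validated at that point as well.
        $languageFile = "./language_files/submission_en.php";
        if (isset($_SESSION['lang']) && is_string($_SESSION['lang'])
                && preg_match('/^[A-Za-z0-9_-]+$/', $_SESSION['lang'])) {
            $requestedFile = "./language_files/submission_" . $_SESSION['lang'] . ".php";
            if (is_file($requestedFile)) {
                $languageFile = $requestedFile;
            }
        }
        require_once $languageFile;

        include ("functions.php");

        // Member id of the logged-in user, taken from the session (null when nobody is logged in).
        // NOTE(review): this block does not stop anonymous visitors from reaching the form.
        $memberid = isset($_SESSION['member_id']) ? $_SESSION['member_id'] : null;

        // Open the connection.
        // NOTE(review): this connects as root with an empty password; a dedicated account with
        // only the rights this application needs would limit the impact of any query flaw.
        // The mysql_* API is kept because the included helpers presumably share this
        // connection - confirm before migrating to mysqli or PDO.
        mysql_connect("localhost", "root", "") or die("Connection Failed");
        mysql_select_db("mydb") or die("Connection Failed");

        // Always define the conference id so the queries further down the page never interpolate
        // an undefined variable; '0' is used when the request names no conference.
        $cId = 0;
        $confid = '0';

        if (isset($_GET['conference_id'])) {
            // intval() reduces the request value to an integer, so it is safe to place in SQL.
            $cId = intval($_GET['conference_id']);
            $confid = (string) $cId;

            // NOTE(review): die(mysql_error()) shows raw database errors to the visitor;
            // logging them and printing a generic message would leak less.
            $get_name = mysql_query("Select long_name From Conference Where conference_id = '$confid'") or die(mysql_error());
            $Get_name = mysql_fetch_assoc($get_name);

            // mysql_fetch_assoc() returns false when no conference has this id; skip the title then.
            if ($Get_name) {
                // presumably formatText_safe() HTML-escapes its argument; verify in functions.php
                $long = formatText_safe($Get_name['long_name']);
                echo "<h1>{$long}</h1>";
            }
            echo "<h2>". $lang['submit'] ."</h2>";
        }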
				?>


<html>
    <head>

        <script type="text/javascript">
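            /**
             * Form onsubmit handler: checks the chosen file name before the form is sent.
             *
             * This only gives the user early feedback. A request can be sent without running
             * this script, so the server has to apply its own checks to the uploaded file.
             *
             * @param {HTMLFormElement} e the submitting form (unused)
             * @returns {boolean} true to let the submission proceed, false to cancel it
             */
            function validate(e)
            {
                // Declared locally; the previous version assigned an implicit global named "text".
                var text = document.getElementById("paper").value;

                // The file name is whatever follows the last backslash of the reported path.
                var file = text.substring(text.lastIndexOf('\\') + 1);

                // Only letters, digits, underscores and dots are accepted; an empty name fails too.
                if (!/^[\w\.]+$/.test(file)) {
                    alert ("Warning! Illegal filename!");
                    return false;
                }
                return true;
            }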

             
        </script>
        <title></title>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

                        <link href="style3.css" rel="stylesheet" type="text/css" />
    </head>
    
 <form action= "" method="post" enctype="multipart/form-data" onsubmit="return validate(this);" >
     
 <input type="file" name="paper" accept="pdf" id="paper" />  </br>
 <?php

   
      
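// Build the category drop-down from the categories of this conference whose submission
// deadline is still in the future.
                // The conference id is forced to an integer here so the query is safe even when
                // the variable was never set earlier on the page.
                $conferenceId = isset($confid) ? intval($confid) : 0;

                $getcategID = "SELECT CC.category_id, category
                              FROM category C, conference_category CC
                              WHERE conference_id =  '$conferenceId' AND  C.category_id = CC.category_id AND submission_date > NOW()";

                $getCatID = mysql_query($getcategID);

                echo "<select name=\"Category\">";
                // A failed query returns false; it is treated like "no open categories".
                if ($getCatID && mysql_num_rows($getCatID)) {
                    // One <option> per open category.
                    while ($line = mysql_fetch_assoc($getCatID)) {
                        // The key is quoted: the bare word category was read as an undefined constant.
                        // presumably formatText_safe() HTML-escapes its argument; verify in functions.php
                        $catID = formatText_safe($line['category']);
                        // The id sits inside a single-quoted attribute, so quotes must be escaped too.
                        $optionValue = htmlspecialchars($line['category_id'], ENT_QUOTES);
                        echo "<option value='" . $optionValue . "'>". $catID ." </option>";
                    }
                }
                // No category is open for submission: show the translated placeholder instead.
                else {
                    echo "<option>" . $lang['noCat'] . "</option>";
                }
                // The element was previously left open.
                echo "</select>";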

//create the submit button by the following line
                ?>

                </br>

                <input type="submit" name="submit" value="<?php echo $lang['submit']; ?>" /> 
                </br>

                <?php
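// Handle a submitted paper. In $_FILES['paper'] the 'name' and 'type' entries are supplied by
// the client, so neither decides where the file is stored or whether it counts as a PDF.
// NOTE(review): the form carries no anti-CSRF token; a token check belongs at the top of this block.
// NOTE(review): die(mysql_error()) below shows raw database errors to the visitor; logging
// them and printing a generic message would leak less.
                if (isset($_FILES['paper'])) {
                    // PHP reports transport problems here; the value is an array (never
                    // UPLOAD_ERR_OK) when the field was sent as paper[].
                    if ($_FILES['paper']['error'] !== UPLOAD_ERR_OK) {
                        echo $lang['alert_3'];
                    }
                    // Reject anything above the 1 MB limit.
                    elseif ($_FILES['paper']['size'] > 1000000) {
                        echo $lang['alert_5'];
                    }
                    else {
                        // Read the first bytes of the stored temp file: a PDF starts with "%PDF-".
                        // The declared content type is still checked, but it is only a claim made
                        // by the client and cannot be relied on alone.
                        $magic = '';
                        $handle = fopen($_FILES['paper']['tmp_name'], 'rb');
                        if ($handle !== false) {
                            $magic = fread($handle, 5);
                            fclose($handle);
                        }

                        if ($_FILES['paper']['type'] != 'application/pdf' || $magic !== '%PDF-') {
                            echo $lang['alert_4'];
                        }
                        // Nothing is stored unless the submit button was part of the request.
                        elseif (isset($_POST['submit'])) {
                            // Values that end up in SQL are normalised first: integers through
                            // intval(), strings through mysql_real_escape_string().
                            $authorId = isset($memberid) ? mysql_real_escape_string((string) $memberid) : '';
                            $conferenceId = isset($confid) ? intval($confid) : 0;
                            $category = isset($_REQUEST['Category']) ? intval($_REQUEST['Category']) : 0;

                            // The drop-down only offers categories of this conference that are
                            // still open, but the posted value can be anything. The same rule is
                            // therefore enforced again here, and a logged-in member is required.
                            $categoryOpen = false;
                            if ($authorId !== '' && $conferenceId > 0 && $category > 0) {
                                $openCategory = mysql_query("SELECT CC.category_id
                                      FROM category C, conference_category CC
                                      WHERE conference_id = '$conferenceId' AND C.category_id = CC.category_id
                                      AND CC.category_id = '$category' AND submission_date > NOW()");
                                $categoryOpen = $openCategory && mysql_num_rows($openCategory) > 0;
                            }

                            // The original name is kept as the paper title only. The stored file
                            // gets a server-generated name with a fixed .pdf extension, so a
                            // client-chosen name or extension never reaches the web-accessible
                            // directory and two uploads cannot overwrite each other.
                            // uniqid() is time-based: it avoids collisions, it is not a secret.
                            // NOTE(review): confirm nothing downstream derives a display name from
                            // `path`, and that paper_title is HTML-escaped wherever it is printed.
                            $name = $_FILES['paper']['name'];
                            $target_path = "paper/" . uniqid('paper_') . ".pdf";

                            if (!$categoryOpen) {
                                // NOTE(review): error_1 is reused as the generic failure message.
                                echo $lang['error_1'];
                            }
                            elseif (!move_uploaded_file($_FILES['paper']['tmp_name'], $target_path)) {
                                echo $lang['alert_3'];
                            }
                            else {
                                $safeTitle = mysql_real_escape_string($name);
                                $safePath = mysql_real_escape_string($target_path);

                                // Register the paper.
                                $insertpaper = " INSERT INTO `Paper` (`paper_title`, `category_id`, `date_of_submission`,`status`,`conference_id`,`author_id`)
                        VALUES ('$safeTitle', {$category} ,NOW(),'To be reviewed', '$conferenceId' ,'$authorId')";
                                $insert_paper = mysql_query($insertpaper) or die(mysql_error());
                                $last_autoincrement_id = mysql_insert_id();

                                // Register its first version. The statement used to be executed
                                // twice, leaving a duplicate row; it now runs once and the new id
                                // is read before any other code can issue a query.
                                $insertversion = "INSERT INTO `Version` (`paper_id`,`path`)
                                VALUES('{$last_autoincrement_id}','{$safePath}')";
                                $insert_version = mysql_query($insertversion) or die(mysql_error());
                                $last_autoincrement_versionid = mysql_insert_id();

                                include ("statics.php");

                                // escapeshellarg() passes the path as exactly one quoted argument;
                                // escapeshellcmd() does not quote, so whitespace in the value
                                // would have split it into several arguments.
                                exec("pdftohtml -c -noframes " . escapeshellarg($target_path));
                                iReformat($last_autoincrement_versionid);

                                // Look up the roles this member already holds in the conference.
                                $getRoleofUser = mysql_query("SELECT role FROM Privileges INNER JOIN member_privileges
                                ON Privileges.privileges_id = member_privileges.privileges_id
                                WHERE member_privileges.member_id = '$authorId' AND member_privileges.conference_id='$conferenceId'") or die(mysql_error());
                                $isAuthor = false;
                                while ($getRole = mysql_fetch_assoc($getRoleofUser)) {
                                    // This is a comparison now: the previous single "=" assigned
                                    // the string, so every row counted as an author role.
                                    // NOTE(review): the old comments also mention organizers, but
                                    // that role's stored name is not visible in this file.
                                    if (strcasecmp($getRole['role'], 'author') === 0) {
                                        $isAuthor = true;
                                        break;
                                    }
                                }

                                // Members who are not yet authors of this conference become one.
                                if ($isAuthor == false) {
                                    $type = 'author';
                                    $getprivID = mysql_query("SELECT `privileges_id` FROM `Privileges` WHERE `role` = '" . $type . "'")
                                            or die(mysql_error());
                                    $getpriv_id = mysql_fetch_assoc($getprivID);
                                    // No matching privilege row: nothing to grant.
                                    if ($getpriv_id) {
                                        $privilegeId = mysql_real_escape_string($getpriv_id['privileges_id']);
                                        $setToAuthor = mysql_query("INSERT INTO`member_privileges` (`member_id`,`privileges_id`,`conference_id`)
                                     VALUES('$authorId','$privilegeId','$conferenceId')") or die(mysql_error());
                                    }
                                }

                                // Report the outcome.
                                if ($insert_paper && $insert_version) {
                                    if (isset($_GET['new'])) {
                                        isNewMember();
                                    }
                                    echo '<script type="text/javascript">',
                'alert("The paper has been successfully uploaded");',
                '</script>';
                                } else {
                                    echo $lang['error_1'];
                                }

                                // Tell the member whether the author role was granted just now.
                                if (isset($setToAuthor)) {
                                    echo $lang['alert_1'];
                                } else {
                                    echo $lang['alert_2'] ;
                                }

                                // Close the mysql connection
                                mysql_close();
                            }
                        }
                    }
                }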
                
                // Author: Rana Tarek
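                /**
                 * Marks a pending author request as approved.
                 *
                 * Reads member_id, conference_id and request_id from the query string (sent by
                 * incomingRequests.php) and sets approve = '1' on the matching
                 * member_request_member row of type 'A'.
                 *
                 * The row is only touched when the member_id in the URL is the member who is
                 * logged in; otherwise any visitor could approve a request that belongs to
                 * someone else by editing the link.
                 * NOTE(review): this assumes the invited member is the one uploading - confirm
                 * against incomingRequests.php.
                 */
                function isNewMember() {
                    // Every identifier has to be present and a plain scalar value.
                    foreach (array('member_id', 'conference_id', 'request_id') as $key) {
                        if (!isset($_GET[$key]) || !is_scalar($_GET[$key])) {
                            return;
                        }
                    }

                    // Bind the approval to the session identity instead of trusting the URL.
                    if (!isset($_SESSION['member_id'])
                            || (string) $_GET['member_id'] !== (string) $_SESSION['member_id']) {
                        return;
                    }

                    $member_id = mysql_real_escape_string($_GET['member_id']);
                    $confid = mysql_real_escape_string($_GET['conference_id']);
                    $request_id = mysql_real_escape_string($_GET['request_id']);

                    // update the approve field to true
                    // NOTE(review): die() with mysql_error() shows raw database errors to the
                    // visitor; 'here1' looks like a leftover debugging marker.
                    mysql_query("UPDATE member_request_member SET approve = '1' where member_id2 = '$member_id' and conference_id= '$confid' and type = 'A'
              and request_id ='$request_id'") or die('here1' . mysql_error());
                }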

                ?>

                </body>                       
                </html>
                    
                
